Question:
We're migrating a test environment with two backend Policy Servers
12.52, to 12.7. The operating system is Red Hat 6.8 and
documentation talks about adding the attribute BackwardCompatibleMode
while migrating versions to avoid agent key update rollover problem.
The question is that, when reading the "sm.registry" file of Policy
Server, it has windows registry format and don't know how to add this
value at unix file. We have searched knowledge and communities and
found this tip
https://communities.ca.com/community/ca-security/ca-single-sign-on/blog/2017/12/04/tech-tip-ca-single-sign-on-policy-serveran-agent-change-key-command-was-received-that-contained-a-set-of-null-keys
but it's not solving the problem.
Can you help us in how to add this value at sm.registry file over unix
operating system?
Answer:
The syntax should be :
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer BackwardCompatibleMode= 0x1; REG_DWORD
Note that this registry setting is available only from Policy Server 12.7
KB : KB000101652